34. • Not to remove risk
• To raise awareness and visibility of risks
• To manage risks by mitigation actions to
prevent major impact
• To prepare for contingency
41. What Is A Risk?
• A potential event with negative consequences that has not
happened yet
– However a risk could also be defined as the event with unforeseen
positive consequences; an Opportunity
• A possibility of loss — not the loss itself!
– A source of problem during a project
– Avoid labeling the cost of a risk as a risk (e.g. Schedule slippage). Find
the sources!
– Strike at the root of the problem, not the leaves!
• Something that makes the project special
• In the widest sense everything is a risk
• There are better ways of handling recurrent problems!
42. Two Basic Classifications
• Known unknowns
– Things that we know we don’t know
• Unknown unknowns
– Risks that surface despite our best efforts
43. Types of Risk
Financial (e.g. gearing/interest rates, liquidity, foreign exchange,
commodity prices, systemic risks etc)
Credit (e.g. customer default, failure of key partner/supplier)
Operational (e.g. business continuity, service quality)
Strategic (e.g. changes in markets, customers, products, M&A, major
capital investments/projects)
Legislative (e.g. HSE, anti-competitive practices, stock market rules)
Political (e.g. Country risk, civil commotions, nationalisation)
Environment (e.g. natural disasters, pollution, global warming impacts,
diseases/pandemics)
3rd Party (e.g. risks of being let down by partners, key suppliers, outsource
providers etc)
44. Logistex Corporate Risk Register
Business Projects
• M&A • Technology
• Capital expenditures • New roles
• Factory moves/closures • Ill defined specifications
• New product development • Sourcing and supply chain
• Supply chain development • Terms and Conditions
• Organizational restructuring • People
• Corporate Social Responsibility • Organisational
• HSE • Estimation
• Environment
• Currency
• Competencies
52. Project Risk Profile
• Profiling output
determines weight of
Bid Approval and
Project Execution
Process
53.
54. Risk Mapping
• Hold a Risk Workshop for
key members of project,
stakeholder, suppliers etc.
HGIH
• Brainstorm types of risk and
PROBABILITY
categorise in terms of size
MEDIUM
of impact.
• Then assess probability of
occurrence and populate
LOW
Prioritising Risk Matrix
opposite.
LOW MEDIUM HGIH
• Risks should be owned and
tracked. IMPACT
56. Method
• Describe the Risks
– Brainstorming potential risks
– Walkthrough of the risk identification checklist
57. Method
• Common language
– Clear and accurate description
– Formulated as an “IF..THEN…” statement
• Example 1
– “The equipment will arrive late and we will incur liquidated
damages.”
• Example 2
– “IF customs requires additional paperwork and this delays
the release of the equipment, which delays the installation,
THEN we will incur liquidated damages.”
58.
59. Method
• Analyze and Prioritize Risks
– Walkthrough risk sheet and estimate the
probability and cost impact of each risk
– Calculate risk rating of each risk (e.g. probability *
impact)
– Concentrate on Key Risks
60. Probability
What Is the Probability the Risk Will Happen?
Level Your Approach and Processes...
1 Not Likely: …will effectively avoid or mitigate this risk based on
standard practices.
2 Low Likelihood: …have usually mitigated this type of risk with minimal
oversight in similar cases.
3 Likely: …may mitigate this risk, but workarounds will be
required.
4 Highly Likely: ...cannot mitigate this risk, but a different approach
might
5 Near Certainty: ...cannot mitigate this type of risk; no known processes
or workarounds are available
61. Impact
Given the risk is realised, what would be the magnitude of the Impact?
Level Technical Schedule Cost
1 Minimal or no impact Minimal or no impact Minimal or no impact
2 Minor pert shortfall, Additional activities Budget increase of less
same approach retained required; able to meet than 1%
key dates
3 Mod pert shortfall, but Minor schedule slip; Budget increase of less
workarounds available will miss need date than 5%
4 Unacceptable; but Program critical path Budget increase of less
workarounds available affected than 10%
5 Unacceptable; no Cannot achieve key Budget increase of less
alternatives exist program milestone than 10%
62.
63. RISK
Reject / Transfer / Reduce Reduce
Accept
Eliminate Insure Probability Impact
Actions
64. Mitigation and Contingency Planning
• List Mitigation Actions
– Start with most severe risks
– List possible actions to reduce probability and/or
cost
– Some risks can be avoided
• Contingency Planning
– Only for the most severe risks that cannot be
mitigated
– List actions to take should the risk mature
65. Risk Provisions
• Provision = (Probability x Impact) + Mitigation cost
• Mitigation cost may out way the Impact cost
– Manage to the Risk
71. • Eliminate the risk NOW - scope, terms & conditions, reject.
• Do something NOW to transfer the risks - Insurer, customer,
supplier.
• Do something NOW to reduce the probability of the risks
occurring.
• Plan contingency actions NOW to reduce the impact if the
risk occurs.
• Set up fallback plans NOW to limit the impact for
implementation before the risk occurs.
• Get everybody’s agreement if you will just accept the risk.
77. Continuity and Consistency
• Monthly and Gate Based Reviews
1
2
HGIH
8
3
PROBABILITY
12 5
11 4
MEDIUM
10
14 6
13 9
10
OTHER 15
7
LOW
RISKS
LOW MEDIUM HGIH
IMPACT
78. Who is involved in Risk Management?
• Customer
• End-user
• Project Team
• Management
• Product Management
• Related Projects
• Subcontractors and Suppliers
79. Roles in Risk Management
• Business Unit
• Project Team
• Risk Action Owner
• Risk Coordinator
• Steering Group
80. Risk Roll up & Action Flow-down
Corporate
Risk Action Risk Roll-up
Flow-down Business Unit
Business
Project
Task
• Risk Escalation
– Risks outside the control of the area or affecting next levels objectives
• Risk Action Flow-down
– Actions to ensure business objectives are met (Business Plan
Deployment)
83. Risk management should…
• be an integral part of organisational processes
• be systematic and structured
• be based on the best available information
• take into account human factors
• be transparent and inclusive
• be dynamic, and responsive to change
• be tailored
• deliver better projects